Tuesday, June 25, 2013

Snowden: US hacked Chinese mobile network operators, stealing large volumes of users' text messages

EXCLUSIVE: US spies on Chinese mobile phone companies, steals SMS data: Edward Snowden
The US government is stealing millions of text messages in their hacking attacks on major Chinese mobile phone companies, Edward Snowden has told the Post

The US government is hacking Chinese mobile phone companies to steal millions of text messages, Edward Snowden has told the South China Morning Post. And the former National Security Agency contractor claims he has the evidence to prove it.
The former CIA technician and NSA contractor, hiding in Hong Kong after the US sought his arrest, made the claims after revealing to the Post that the NSA had snooped on targets in Hong Kong and on the mainland.
“There’s far more than this,” Snowden said in an interview on June 12. “The NSA does all kinds of things like hack Chinese cell phone companies to steal all of your SMS data.”
Text messaging is the most preferred communication tool in mainland China, used widely by ordinary people and government officials from formal work exchanges to small chats.
Government data show that the Chinese exchanged almost 900 billion text messages in 2012, up 2.1 per cent from the year before. China Mobile is the world’s largest mobile network carrier, with 735 million subscribers by the end of May. China Unicom, the second largest, has 258 million users. China Telecom comes in third with 172 million users.
Snowden’s leaks have rocked the international community for the past two weeks and fired up a debate about US government surveillance of citizens’ phone calls and internet browsing data without due cause.
Now that the likes of Huawei, Datang and ZTE have dramatically improved their product lines and reliance on foreign-made parts has dropped, some experts with ties to Beijing have become more vocal.
For years, cybersecurity experts on the mainland have been concerned that telecommunications equipment was vulnerable to so-called “backdoor” attacks, taking advantage of foreign-made components. They have kept quiet because domestic hardware suppliers were still striving to catch up with their international competitors.
Fang Binxing, president at the Beijing University of Posts and Telecommunications and widely believed to be the father of China’s “great firewall”, which restricts access to the web, told News China in October last year that foreign equipment was a serious threat to national security.
“China should set up a national information security review commission as soon as possible,” he said.
Telecom companies have started replacing foreign-made equipment.
China Unicom quietly replaced all Cisco routers at a key backbone hub in Wuxi, Jiangsu last year, according to the National Business Daily.
The changes are being kept quiet to avoid panic and embarrassment to the government, people in the industry say.
A series of reports based on documents provided by Snowden to The Guardian revealed how the US compelled telecommunications provider Verizon to hand over information about phone calls made by US citizens.
The leaked documents also revealed the Prism programme, which gave the US far-reaching access to internet browsing data from Google, Facebook, Apple, Skype, Yahoo and others.
The US and UK also had technology which gave them unauthorised access to Blackberry phones of delegates at two G20 summits in London in 2009, Snowden said.
The US government has defended its electronic surveillance programmes during congressional hearings with claims that up to 50 would-be terrorist attacks were foiled because of the intelligence gathered by the NSA.
US President Barack Obama says the NSA is not listening in on phone calls or reading emails unless legal requirements have been satisfied.


----------------------------------------

Let's see how NSA chief Gen. Keith Alexander responded to the charge of stealing Chinese mobile users' text messages (it boils down to one sentence: we in the US need this information, and we act within the bounds of US law.)

Gen. Keith Alexander, director of the National Security Administration, testifies on Capitol Hill in Washington, June 12, 2013, in this file photo. (Charles Dharapak/AP Photo)
STEPHANOPOULOS: In the statement that Hong Kong put out this morning, explaining why they allowed Snowden to leave, they also say they've written to the United States government requesting clarification on the reports, based on Snowden's information, that the United States government attacked (ph) computer systems in Hong Kong. 

He said that the NSA does all kinds of things like hack Chinese cell phone companies to steal all of your SMS data.

Is that true?

ALEXANDER: Well, we have interest in those who collect on us as an intelligence agency. But to say that we're willfully just collecting all sorts of data would give you the impression that we're just trying to canvas the whole world.

The fact is what we're trying to do is get the information our nation needs, the foreign intelligence, that primary mission, in this case and the case that Snowden has brought up is in defending this nation from a terrorist attack.

Now we have other intelligence interests just like other nations do. That's what you'd expect us to do. We do that right. Our main interest: who's collecting on us? And I'd just say let's look back at where that source comes from.

STEPHANOPOULOS: Well, that was the government of Hong Kong putting out that statement.
Are you confident that we have not broken the laws of Hong Kong?

ALEXANDER: I'm confident that we're following the laws that our country has in doing what we do. We have a set of laws that guide how NSA acts; we follow those laws. We have tremendous oversight by all three portions of the government: the courts, Congress and the administration. 

Now when you look at these laws and the way they've been passed and the oversight mechanisms that we have, I am confident that we are following our laws.


----------------------------------------------------------

Let's see how the Chinese government responded to the Snowden affair (in one sentence: “Building a new type of great-power relationship between China and the United States is a great undertaking without precedent, opening the way for those who come after.”)

Thanks to long-standing accumulation, China-US cooperation rests on a very good foundation. However, the undercurrent manipulated by certain American politicians has not receded; it is still seizing the opportunity to batter the mainstream of China-US relations. This undercurrent disrupts the consistency of US policy toward China and obstructs the establishment of strategic mutual trust between the two countries. For the great ship of China-US relations to sail steadily along its set course, the interference of this undercurrent must be guarded against and contained.

Looking back over the more than 40 years since China and the United States reopened the door to exchanges, some of the storms the two countries have weathered were entirely manufactured single-handedly by certain American politicians. Establishing a “new link” between “Prismgate” and China amounts to placing a new dark cloud in the clear sky of China-US relations. If the cloud is not removed, the harm will be endless. The reasoning is simple: a dark cloud not only blocks the sunlight; once clouds gather in one place, they may well drop a few raindrops. Making good use of the “new link” as a negative example means not letting the “new link” simply fizzle out. If wild talk carries no necessary price, certain people's impulse to keep playing “big mouth” will be hard to eliminate.

Building a new type of great-power relationship between China and the United States is a great undertaking without precedent, opening the way for those who come after. Both sides must keep the big picture in view and look far ahead from a high vantage point, while also starting with small things and letting small gains accumulate into significant results. Continually accumulating positive energy and creating a good atmosphere for China-US relations is of crucial importance.

(Note: Only on the 23rd, when answering reporters' questions, did Foreign Ministry spokeswoman Hua Chunying respond that China had lodged representations with the US. Such diplomatic language has no substance; the People's Daily “Zhong Sheng” article reflects the Chinese government's attitude far more fully and concretely.)


Sunday, June 9, 2013

NSA Prism program taps in to user data of Apple, Google and others
Glenn Greenwald and Ewen MacAskill
• Top-secret Prism program claims direct access to servers of firms including Google, Apple and Facebook
• Companies deny any knowledge of program in operation since 2007

A slide depicting the top-secret PRISM program.

The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.


The NSA access is part of a previously undisclosed program called Prism, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says.

The Guardian has verified the authenticity of the document, a 41-slide PowerPoint presentation – classified as top secret with no distribution to foreign allies – which was apparently used to train intelligence operatives on the capabilities of the program. The document claims "collection directly from the servers" of major US service providers.


Although the presentation claims the program is run with the assistance of the companies, all those who responded to a Guardian request for comment on Thursday denied knowledge of any such program.

In a statement, Google said: "Google cares deeply about the security of our users' data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government 'back door' into our systems, but Google does not have a back door for the government to access private user data."

Several senior tech executives insisted that they had no knowledge of Prism or of any similar scheme. They said they would never have been involved in such a program. "If they are doing this, they are doing it without our knowledge," one said.

An Apple spokesman said it had "never heard" of Prism.

The NSA access was enabled by changes to US surveillance law introduced under President Bush and renewed under Obama in December 2012.
The program facilitates extensive, in-depth surveillance on live communications and stored information. The law allows for the targeting of any customers of participating firms who live outside the US, or those Americans whose communications include people outside the US.
It also opens the possibility of communications made entirely within the US being collected without warrants.

Disclosure of the Prism program follows a leak to the Guardian on Wednesday of a top-secret court order compelling telecoms provider Verizon to turn over the telephone records of millions of US customers.
The participation of the internet companies in Prism will add to the debate, ignited by the Verizon revelation, about the scale of surveillance by the intelligence services. Unlike the collection of those call records, this surveillance can include the content of communications and not just the metadata.

Some of the world's largest internet brands are claimed to be part of the information-sharing program since its introduction in 2007. Microsoft – which is currently running an advertising campaign with the slogan "Your privacy is our priority" – was the first, with collection beginning in December 2007.

It was followed by Yahoo in 2008; Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and AOL in 2011; and finally Apple, which joined the program in 2012. The program is continuing to expand, with other providers due to come online.

Collectively, the companies cover the vast majority of online email, search, video and communications networks.

(This slide shows that at least nine internet companies participated in the program.)
The extent and nature of the data collected from each company varies.

Companies are legally obliged to comply with requests for users' communications under US law, but the Prism program allows the intelligence services direct access to the companies' servers. The NSA document notes the operations have "assistance of communications providers in the US".

The revelation also supports concerns raised by several US senators during the renewal of the Fisa Amendments Act in December 2012, who warned about the scale of surveillance the law might enable, and shortcomings in the safeguards it introduces.

When the FAA was first enacted, defenders of the statute argued that a significant check on abuse would be the NSA's inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the Prism program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies' servers.

A chart prepared by the NSA, contained within the top-secret document obtained by the Guardian, underscores the breadth of the data it is able to obtain: email, video and voice chat, videos, photos, voice-over-IP (Skype, for example) chats, file transfers, social networking details, and more.
The document is recent, dating to April 2013. Such a leak is extremely rare in the history of the NSA, which prides itself on maintaining a high level of secrecy.

The Prism program allows the NSA, the world's largest surveillance organisation, to obtain targeted communications without having to request them from the service providers and without having to obtain individual court orders.

With this program, the NSA is able to reach directly into the servers of the participating companies and obtain both stored communications as well as perform real-time collection on targeted users.

The presentation claims Prism was introduced to overcome what the NSA regarded as shortcomings of Fisa warrants in tracking suspected foreign terrorists. It noted that the US has a "home-field advantage" due to housing much of the internet's architecture. But the presentation claimed "Fisa constraints restricted our home-field advantage" because Fisa required individual warrants and confirmations that both the sender and receiver of a communication were outside the US.

"Fisa was broken because it provided privacy protections to people who were not entitled to them," the presentation claimed. "It took a Fisa court order to collect on foreigners overseas who were communicating with other foreigners overseas simply because the government was collecting off a wire in the United States. There were too many email accounts to be practical to seek Fisas for all."

The new measures introduced in the FAA redefine "electronic surveillance" to exclude anyone "reasonably believed" to be outside the USA – a technical change which lowers the bar to initiating surveillance.

The act also gives the director of national intelligence and the attorney general power to permit obtaining intelligence information, and indemnifies internet companies against any actions arising as a result of co-operating with authorities' requests.

In short, where previously the NSA needed individual authorisations, and confirmation that all parties were outside the USA, it now needs only reasonable suspicion that one of the parties was outside the country at the time the records were collected by the NSA.

The document also shows the FBI acts as an intermediary between other agencies and the tech companies, and stresses its reliance on the participation of US internet firms, claiming "access is 100% dependent on ISP provisioning".

In the document, the NSA hails the Prism program as "one of the most valuable, unique and productive accesses for NSA".

It boasts of what it calls "strong growth" in its use of the Prism program to obtain communications. The document highlights the number of obtained communications increased in 2012 by 248% for Skype – leading the notes to remark there was "exponential growth in Skype reporting; looks like the word is getting out about our capability against Skype". There was also a 131% increase in requests for Facebook data, and 63% for Google.

The NSA document indicates that it is planning to add Dropbox as a PRISM provider. The agency also seeks, in its words, to "expand collection services from existing providers".

The revelations echo fears raised on the Senate floor last year during the expedited debate on the renewal of the FAA powers which underpin the PRISM program, which occurred just days before the act expired.

Senator Christopher Coons of Delaware specifically warned that the secrecy surrounding the various surveillance programs meant there was no way to know if safeguards within the act were working.

"The problem is: we here in the Senate and the citizens we represent don't know how well any of these safeguards actually work," he said.

"The law doesn't forbid purely domestic information from being collected. We know that at least one Fisa court has ruled that the surveillance program violated the law. Why? Those who know can't say and average Americans can't know."

Other senators also raised concerns. Senator Ron Wyden of Oregon attempted, without success, to find out any information on how many phone calls or emails had been intercepted under the program.

When the NSA reviews a communication it believes merits further investigation, it issues what it calls a "report". According to the NSA, "over 2,000 Prism-based reports" are now issued every month. There were 24,005 in 2012, a 27% increase on the previous year.

In total, more than 77,000 intelligence reports have cited the PRISM program.

Jameel Jaffer, director of the ACLU's Center for Democracy, said that it was astonishing the NSA would even ask technology companies to grant direct access to user data.

"It's shocking enough just that the NSA is asking companies to do this," he said. "The NSA is part of the military. The military has been granted unprecedented access to civilian communications.

"This is unprecedented militarisation of domestic communications infrastructure. That's profoundly troubling to anyone who is concerned about that separation."

A senior administration official said in a statement: "The Guardian and Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. This law does not allow the targeting of any US citizen or of any person located within the United States.

"The program is subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress. It involves extensive procedures, specifically approved by the court, to ensure that only non-US persons outside the US are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about US persons.

"This program was recently reauthorized by Congress after extensive hearings and debate.

"Information collected under this program is among the most important and valuable intelligence information we collect, and is used to protect our nation from a wide variety of threats.

"The Government may only use Section 702 to acquire foreign intelligence information, which is specifically, and narrowly, defined in the Foreign Intelligence Surveillance Act. This requirement applies across the board, regardless of the nationality of the target."

Additional reporting by James Ball and Dominic Rushe
Original article here
The original court document compelling Verizon to hand over call records:
http://s3.documentcloud.org/documents/709012/verizon.pdf
NSA director James Clapper admits that the Guardian report above is accurate:
http://www.guardian.co.uk/world/2013/jun/07/clapper-secret-nsa-surveillance-prism
Why do all the companies deny it in unison: "No Such Agency"?
http://www.nytimes.com/2013/06/08/technology/tech-companies-bristling-concede-to-government-surveillance-efforts.html?pagewanted=all&_r=0